diff --git a/doc/designs/dtlsv1_3/dtlsv1_3-main.md b/doc/designs/dtlsv1_3/dtlsv1_3-main.md index f66502377aecb1..da280ea127ed8c 100644 --- a/doc/designs/dtlsv1_3/dtlsv1_3-main.md +++ b/doc/designs/dtlsv1_3/dtlsv1_3-main.md @@ -65,6 +65,11 @@ This is enforced by the macro `SSL_CONNECTION_MIDDLEBOX_IS_ENABLED(sc)`. The DTLSv1.3 implementation uses the label "dtls1.3" as described by RFC9147 section 5.9. +#### DTLS 1.3 Epoch + +The DTLSv1.3 implementation modifies the epoch according to RFC9147 section 6.1 +for DTLSv1.3 connections. + Implementation progress ----------------------- @@ -83,7 +88,6 @@ is not covered by these workitems and must be implemented separately. | ACK messages | - | | Use HelloRetryRequest instead of HelloVerifyRequest | #22985, #22400 | | Message transcript | - | -| DTLSv1.3 epoch | #23553 | | ClientHello | #23320 | | EndOfEarlyData message | - | | Variable length header | - | @@ -129,13 +133,6 @@ And > 4.2.3. Record Number Encryption -#### DTLSv1.3 epoch - -The epoch is maintained differently from DTLS 1.2 - -> The DTLS epoch ... is set as the least significant 2 octets of the connection -> epoch, which is an 8 octet counter incremented on every KeyUpdate - #### ClientHello DTLS adds legacy_cookie which has a forced value. And there are changes to the diff --git a/test/recipes/70-test_dtls13epoch.t b/test/recipes/70-test_dtls13epoch.t index 09fb56320acfde..f89c5b30b8592b 100644 --- a/test/recipes/70-test_dtls13epoch.t +++ b/test/recipes/70-test_dtls13epoch.t @@ -17,8 +17,8 @@ use TLSProxy::Message; my $test_name = "test_dtlsrecords"; setup($test_name); -plan skip_all => "TLSProxy isn't usable on $^O" - if $^O =~ /^(VMS)$/; +plan skip_all => "DTLSProxy isn't usable on $^O" + if ($^O =~ /^(VMS)$/) || ($^O =~ /^(MSWin32)$/); plan skip_all => "$test_name needs the dynamic engine feature enabled" if disabled("engine") || disabled("dynamic-engine");
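Review bot: The widened `plan skip_all` in 70-test_dtls13epoch.t now skips the whole recipe on MSWin32 without recording why DTLSProxy cannot run there, so the DTLSv1.3 epoch handling gets no coverage from this test on Windows and nothing marks the skip as temporary. I would add a comment above it, for example `# DTLSProxy does not work on MSWin32 yet; drop this skip once it does (see <tracking issue>)`. The two matches can also be written as one anchored alternation, `if $^O =~ /^(?:VMS|MSWin32)$/;`. Separately, the context line `my $test_name = "test_dtlsrecords";` does not match this file's name and looks carried over from another recipe; please confirm it is intended, since `setup($test_name)` and the second skip message both use it.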